diff --git a/builtin/audit/syslog/backend.go b/builtin/audit/syslog/backend.go new file mode 100644 index 0000000000..5901386d68 --- /dev/null +++ b/builtin/audit/syslog/backend.go @@ -0,0 +1,60 @@ +package file + +import ( + "bytes" + + "github.com/hashicorp/go-syslog" + "github.com/hashicorp/vault/audit" + "github.com/hashicorp/vault/logical" +) + +func Factory(conf map[string]string) (audit.Backend, error) { + // Get facility or default to AUTH + facility, ok := conf["facility"] + if !ok { + facility = "AUTH" + } + + // Get tag or default to 'vault' + tag, ok := conf["tag"] + if !ok { + tag = "vault" + } + + // Get the logger + logger, err := gsyslog.NewLogger(gsyslog.LOG_INFO, facility, tag) + if err != nil { + return nil, err + } + + b := &Backend{ + logger: logger, + } + return b, nil +} + +// Backend is the audit backend for the syslog-based audit store. +type Backend struct { + logger gsyslog.Syslogger +} + +func (b *Backend) LogRequest(auth *logical.Auth, req *logical.Request) error { + var buf bytes.Buffer + var format audit.FormatJSON + if err := format.FormatRequest(&buf, auth, req); err != nil { + return err + } + _, err := b.logger.Write(buf.Bytes()) + return err +} + +func (b *Backend) LogResponse(auth *logical.Auth, req *logical.Request, + resp *logical.Response, err error) error { + var buf bytes.Buffer + var format audit.FormatJSON + if err := format.FormatResponse(&buf, auth, req, resp, err); err != nil { + return err + } + _, err = b.logger.Write(buf.Bytes()) + return err +} diff --git a/cli/commands.go b/cli/commands.go index ca609ce37e..d876241e63 100644 --- a/cli/commands.go +++ b/cli/commands.go @@ -4,6 +4,7 @@ import ( "os" auditFile "github.com/hashicorp/vault/builtin/audit/file" + auditSyslog "github.com/hashicorp/vault/builtin/audit/syslog" credAppId "github.com/hashicorp/vault/builtin/credential/app-id" credCert "github.com/hashicorp/vault/builtin/credential/cert" @@ -49,7 +50,8 @@ func Commands(metaPtr *command.Meta) map[string]cli.CommandFactory { return &command.ServerCommand{ Meta: meta, AuditBackends: map[string]audit.Factory{ - "file": auditFile.Factory, + "file": auditFile.Factory, + "syslog": auditSyslog.Factory, }, CredentialBackends: map[string]logical.Factory{ "cert": credCert.Factory,